Skip to content
This repository was archived by the owner on Mar 2, 2026. It is now read-only.

chore(deps): update dependency requests to v2.32.4 [security] - autoclosed#616

Closed
renovate-bot wants to merge 1 commit intogoogleapis:mainfrom
renovate-bot:renovate/pypi-requests-vulnerability
Closed

chore(deps): update dependency requests to v2.32.4 [security] - autoclosed#616
renovate-bot wants to merge 1 commit intogoogleapis:mainfrom
renovate-bot:renovate/pypi-requests-vulnerability

Conversation

@renovate-bot
Copy link
Copy Markdown
Contributor

@renovate-bot renovate-bot commented Jun 10, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
requests (source, changelog) ==2.32.3 -> ==2.32.4 age confidence

GitHub Vulnerability Alerts

CVE-2024-47081

Impact

Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs.

Workarounds

For older versions of Requests, use of the .netrc file can be disabled with trust_env=False on your Requests Session (docs).

References

https://github.com/psf/requests/pull/6965
https://seclists.org/fulldisclosure/2025/Jun/2

Release Notes

psf/requests (requests)

v2.32.4

Compare Source

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
    environment will retrieve credentials for the wrong hostname/machine from a
    netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate-bot renovate-bot requested review from a team June 10, 2025 21:11
@trusted-contributions-gcf trusted-contributions-gcf Bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jun 10, 2025
@product-auto-label product-auto-label Bot added size: xs Pull request size is extra small. api: datastore Issues related to the googleapis/python-datastore API. labels Jun 10, 2025
@gcf-owl-bot gcf-owl-bot Bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 10, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 10, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from ad33981 to f1b23a1 Compare June 11, 2025 02:10
@trusted-contributions-gcf trusted-contributions-gcf Bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jun 11, 2025
@gcf-owl-bot gcf-owl-bot Bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 11, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from f1b23a1 to 0f685eb Compare June 11, 2025 11:02
@trusted-contributions-gcf trusted-contributions-gcf Bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jun 11, 2025
@gcf-owl-bot gcf-owl-bot Bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 11, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 0f685eb to a2e74c7 Compare June 11, 2025 19:00
@trusted-contributions-gcf trusted-contributions-gcf Bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jun 11, 2025
@gcf-owl-bot gcf-owl-bot Bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 11, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 11, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from a2e74c7 to 2e06723 Compare June 12, 2025 01:34
@trusted-contributions-gcf trusted-contributions-gcf Bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jun 12, 2025
@gcf-owl-bot gcf-owl-bot Bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 12, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 3eed265 to 5afd43e Compare June 13, 2025 05:53
@trusted-contributions-gcf trusted-contributions-gcf Bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jun 13, 2025
@gcf-owl-bot gcf-owl-bot Bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 13, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 13, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 5afd43e to c66b5e1 Compare June 13, 2025 19:34
@trusted-contributions-gcf trusted-contributions-gcf Bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jun 13, 2025
@gcf-owl-bot gcf-owl-bot Bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 13, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 13, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from c66b5e1 to ce64fb4 Compare June 14, 2025 01:39
@trusted-contributions-gcf trusted-contributions-gcf Bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jun 14, 2025
@gcf-owl-bot gcf-owl-bot Bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 14, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 14, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from ce64fb4 to 92306a3 Compare June 14, 2025 09:16
@trusted-contributions-gcf trusted-contributions-gcf Bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jun 14, 2025
@gcf-owl-bot gcf-owl-bot Bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 14, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 14, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from 92306a3 to e2850d9 Compare June 14, 2025 18:54
@trusted-contributions-gcf trusted-contributions-gcf Bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jun 14, 2025
@gcf-owl-bot gcf-owl-bot Bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jun 14, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 14, 2025
@renovate-bot renovate-bot force-pushed the renovate/pypi-requests-vulnerability branch from e2850d9 to b1bb182 Compare June 15, 2025 02:13
@trusted-contributions-gcf trusted-contributions-gcf Bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jun 15, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 15, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

@mrfaizal mrfaizal

Labels

api: datastore Issues related to the googleapis/python-datastore API. owlbot:run Add this label to trigger the Owlbot post processor. size: xs Pull request size is extra small.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@renovate-bot @mrfaizal @yoshi-kokoro